样式: 排序: IF: - GO 导出 标记为已读
-
Deep Is Better? An Empirical Comparison of Information Retrieval and Deep Learning Approaches to Code Summarization ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Tingwei Zhu, Zhong Li, Minxue Pan, Chaoxuan Shi, Tian Zhang, Yu Pei, Xuandong Li
Code summarization aims to generate short functional descriptions for source code to facilitate code comprehension. While Information Retrieval (IR) approaches that leverage similar code snippets and corresponding summaries have led the early research, Deep Learning (DL) approaches that use neural models to capture statistical properties between code and summaries are now mainstream. Although some
-
Improving Automated Program Repair with Domain Adaptation ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Armin Zirak, Hadi Hemmati
Automated Program Repair (APR) is defined as the process of fixing a bug/defect in the source code, by an automated tool. APR tools have recently experienced promising results by leveraging state-of-the-art Neural Language Processing (NLP) techniques. APR tools such as TFix and CodeXGLUE that combine text-to-text transformers with software-specific techniques are outperforming alternatives, these days
-
Ethics in the Age of AI: An Analysis of AI Practitioners’ Awareness and Challenges ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Aastha Pant, Rashina Hoda, Simone V. Spiegler, Chakkrit Tantithamthavorn, Burak Turhan
Ethics in AI has become a debated topic of public and expert discourse in recent years. But what do people who build AI—AI practitioners—have to say about their understanding of AI ethics and the challenges associated with incorporating it into the AI-based systems they develop? Understanding AI practitioners’ views on AI ethics is important as they are the ones closest to the AI systems and can bring
-
Measurement of Embedding Choices on Cryptographic API Completion Tasks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Ya Xiao, Wenjia Song, Salman Ahmed, Xinyang Ge, Bimal Viswanath, Na Meng, Danfeng (Daphne) Yao
In this article, we conduct a measurement study to comprehensively compare the accuracy impacts of multiple embedding options in cryptographic API completion tasks. Embedding is the process of automatically learning vector representations of program elements. Our measurement focuses on design choices of three important aspects, program analysis preprocessing, token-level embedding, and sequence-level
-
Understanding Developers Well-Being and Productivity: A 2-year Longitudinal Analysis during the COVID-19 Pandemic ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Daniel Russo, Paul H. P. Hanel, Niels Van Berkel
The COVID-19 pandemic has brought significant and enduring shifts in various aspects of life, including increased flexibility in work arrangements. In a longitudinal study, spanning 24 months with six measurement points from April 2020 to April 2022, we explore changes in well-being, productivity, social contacts, and needs of software engineers during this time. Our findings indicate systematic changes
-
Learning from Very Little Data: On the Value of Landscape Analysis for Predicting Software Project Health ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Andre Lustosa, Tim Menzies
When data is scarce, software analytics can make many mistakes. For example, consider learning predictors for open source project health (e.g., the number of closed pull requests in 12 months time). The training data for this task may be very small (e.g., 5 years of data, collected every month means just 60 rows of training data). The models generated from such tiny datasets can make many prediction
-
The Lost World: Characterizing and Detecting Undiscovered Test Smells ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Yanming Yang, Xing Hu, Xin Xia, Xiaohu Yang
Test smell refers to poor programming and design practices in testing and widely spreads throughout software projects. Considering test smells have negative impacts on the comprehension and maintenance of test code and even make code-under-test more defect-prone, it thus has great importance in mining, detecting, and refactoring them. Since Deursen et al. introduced the definition of “test smell”,
-
How Important Are Good Method Names in Neural Code Generation? A Model Robustness Perspective ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Guang Yang, Yu Zhou, Wenhua Yang, Tao Yue, Xiang Chen, Taolue Chen
Pre-trained code generation models (PCGMs) have been widely applied in neural code generation, which can generate executable code from functional descriptions in natural languages, possibly together with signatures. Despite substantial performance improvement of PCGMs, the role of method names in neural code generation has not been thoroughly investigated. In this article, we study and demonstrate
-
A Post-training Framework for Improving the Performance of Deep Learning Models via Model Transformation ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Jiajun Jiang, Junjie Yang, Yingyi Zhang, Zan Wang, Hanmo You, Junjie Chen
Deep learning (DL) techniques have attracted much attention in recent years and have been applied to many application scenarios. To improve the performance of DL models regarding different properties, many approaches have been proposed in the past decades, such as improving the robustness and fairness of DL models to meet the requirements for practical use. Among existing approaches, post-training
-
Safety of Perception Systems for Automated Driving: A Case Study on Apollo ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Sangeeth Kochanthara, Tajinder Singh, Alexandru Forrai, Loek Cleophas
The automotive industry is now known for its software-intensive and safety-critical nature. The industry is on a path to the holy grail of completely automating driving, starting from relatively simple operational areas like highways. One of the most challenging, evolving, and essential parts of automated driving is the software that enables understanding of surroundings and the vehicle’s own as well
-
Attack as Detection: Using Adversarial Attack Methods to Detect Abnormal Examples ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Zhe Zhao, Guangke Chen, Tong Liu, Taishan Li, Fu Song, Jingyi Wang, Jun Sun
As a new programming paradigm, deep learning (DL) has achieved impressive performance in areas such as image processing and speech recognition, and has expanded its application to solve many real-world problems. However, neural networks and DL are normally black-box systems; even worse, DL-based software are vulnerable to threats from abnormal examples, such as adversarial and backdoored examples constructed
-
Representation Learning for Stack Overflow Posts: How Far Are We? ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Junda He, Xin Zhou, Bowen Xu, Ting Zhang, Kisub Kim, Zhou Yang, Ferdian Thung, Ivana Clairine Irsan, David Lo
The tremendous success of Stack Overflow has accumulated an extensive corpus of software engineering knowledge, thus motivating researchers to propose various solutions for analyzing its content. The performance of such solutions hinges significantly on the selection of representation models for Stack Overflow posts. As the volume of literature on Stack Overflow continues to burgeon, it highlights
-
Reusing Convolutional Neural Network Models through Modularization and Composition ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Binhang Qi, Hailong Sun, Hongyu Zhang, Xiang Gao
With the widespread success of deep learning technologies, many trained deep neural network (DNN) models are now publicly available. However, directly reusing the public DNN models for new tasks often fails due to mismatching functionality or performance. Inspired by the notion of modularization and composition in software reuse, we investigate the possibility of improving the reusability of DNN models
-
SourcererJBF: A Java Build Framework For Large-Scale Compilation ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Md Rakib Hossain Misu, Rohan Achar, Cristina V. Lopes
Researchers and tool developers working on dynamic analysis, software testing, automated program repair, verification, and validation, need large compiled, compilable, and executable code corpora to test their ideas. The publicly available corpora are relatively small, and/or non-compilable, and/or non-executable. Developing a compiled code corpus is a laborious activity demanding significant manual
-
PTM-APIRec: Leveraging Pre-trained Models of Source Code in API Recommendation ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Zhihao Li, Chuanyi Li, Ze Tang, Wanhong Huang, Jidong Ge, Bin Luo, Vincent Ng, Ting Wang, Yucheng Hu, Xiaopeng Zhang
Recommending APIs is a practical and essential feature of IDEs. Improving the accuracy of API recommendations is an effective way to improve coding efficiency. With the success of deep learning in software engineering, the state-of-the-art (SOTA) performance of API recommendation is also achieved by deep-learning-based approaches. However, existing SOTAs either only consider the API sequences in the
-
Causality-driven Testing of Autonomous Driving Systems ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Luca Giamattei, Antonio Guerriero, Roberto Pietrantuono, Stefano Russo
Testing Autonomous Driving Systems (ADS) is essential for safe development of self-driving cars. For thorough and realistic testing, ADS are usually embedded in a simulator and tested in interaction with the simulated environment. However, their high complexity and the multiple safety requirements lead to costly and ineffective testing. Recent techniques exploit many-objective strategies and ML to
-
Learning-based Relaxation of Completeness Requirements for Data Entry Forms ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Hichem Belgacem, Xiaochen Li, Domenico Bianculli, Lionel Briand
Data entry forms use completeness requirements to specify the fields that are required or optional to fill for collecting necessary information from different types of users. However, because of the evolving nature of software, some required fields may not be applicable for certain types of users anymore. Nevertheless, they may still be incorrectly marked as required in the form; we call such fields
-
Vision Transformer Inspired Automated Vulnerability Repair ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Michael Fu, Van Nguyen, Chakkrit Tantithamthavorn, Dinh Phung, Trung Le
Recently, automated vulnerability repair approaches have been widely adopted to combat increasing software security issues. In particular, transformer-based encoder-decoder models achieve competitive results. Whereas vulnerable programs may only consist of a few vulnerable code areas that need repair, existing AVR approaches lack a mechanism guiding their model to pay more attention to vulnerable code
-
Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Pengfei Gao, Fu Song, Taolue Chen
Power side-channel attacks allow an adversary to efficiently and effectively steal secret information (e.g., keys) by exploiting the correlation between secret data and runtime power consumption, hence posing a serious threat to software security, particularly cryptographic implementations. Masking is a commonly used countermeasure against such attacks, which breaks the statistical dependence between
-
Early Validation and Verification of System Behaviour in Model-based Systems Engineering: A Systematic Literature Review ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Johan Cederbladh, Antonio Cicchetti, Jagadish Suryadevara
In the Systems Engineering (SE) domain there has been a paradigm shift from document-based to model-based system development artefacts; in fact, new methodologies are emerging to meet the increasing complexity of current systems and the corresponding growing need of digital workflows. In this regard, Model-Based Systems Engineering (MBSE) is considered as a key enabler by many central players of the
-
Understanding Developers Well-being and Productivity: A 2-year Longitudinal Analysis during the COVID-19 Pandemic—RCR Report ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-15 Daniel Russo, Paul H. P. Hanel, Niels van Berkel
The artifact accompanying the paper “Understanding Developers Well-Being and Productivity: A 2-year Longitudinal Analysis during the COVID-19 Pandemic” provides a comprehensive set of tools, data, and scripts that were utilized in the longitudinal study. Spanning 24 months, from April 2020 to April 2022, the study delves into the shifts in well-being, productivity, social contacts, needs, and several
-
DinoDroid: Testing Android Apps Using Deep Q-Networks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Yu Zhao, Brent Harrison, Tingting Yu
The large demand of mobile devices creates significant concerns about the quality of mobile applications (apps). Developers need to guarantee the quality of mobile apps before it is released to the market. There have been many approaches using different strategies to test the GUI of mobile apps. However, they still need improvement due to their limited effectiveness. In this paper, we propose DinoDroid
-
Do Code Summarization Models Process Too Much Information? Function Signature May Be All What Is Needed ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Xi Ding, Rui Peng, Xiangping Chen, Yuan Huang, Jing Bian, Zibin Zheng
With the fast development of large software projects, automatic code summarization techniques, which summarize the main functionalities of a piece of code using natural languages as comments, play essential roles in helping developers understand and maintain large software projects. Many research efforts have been devoted to building automatic code summarization approaches. Typical code summarization
-
Poison Attack and Poison Detection on Deep Source Code Processing Models ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Jia Li ♂, Zhuo Li, Huangzhao Zhang, Ge Li, Zhi Jin, Xing Hu, Xin Xia
In the software engineering (SE) community, deep learning (DL) has recently been applied to many source code processing tasks, achieving state-of-the-art results. Due to the poor interpretability of DL models, their security vulnerabilities require scrutiny. Recently, researchers have identified an emergent security threat to DL models, namely, poison attacks. The attackers aim to inject insidious
-
How Are Multilingual Systems Constructed: Characterizing Language Use and Selection in Open-Source Multilingual Software ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Wen Li, Austin Marino, Haoran Yang, Na Meng, Li Li, Haipeng Cai
For many years now, modern software is known to be developed in multiple languages (hence termed as multilingual or multi-language software). Yet, to date, we still only have very limited knowledge about how multilingual software systems are constructed. For instance, it is not yet really clear how different languages are used, selected together, and why they have been so in multilingual software development
-
Testing of Deep Reinforcement Learning Agents with Surrogate Models ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Matteo Biagiola, Paolo Tonella
Deep Reinforcement Learning (DRL) has received a lot of attention from the research community in recent years. As the technology moves away from game playing to practical contexts, such as autonomous vehicles and robotics, it is crucial to evaluate the quality of DRL agents. In this article, we propose a search-based approach to test such agents. Our approach, implemented in a tool called Indago, trains
-
An Extractive-and-Abstractive Framework for Source Code Summarization ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Weisong Sun, Chunrong Fang, Yuchen Chen, Quanjun Zhang, Guanhong Tao, Yudu You, Tingxu Han, Yifei Ge, Yuling Hu, Bin Luo, Zhenyu Chen
(Source) Code summarization aims to automatically generate summaries/comments for given code snippets in the form of natural language. Such summaries play a key role in helping developers understand and maintain source code. Existing code summarization techniques can be categorized into extractive methods and abstractive methods. The extractive methods extract a subset of important statements and keywords
-
Algorithm Selection for Software Verification Using Graph Neural Networks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-14 Will Leeson, Matthew B. Dwyer
The field of software verification has produced a wide array of algorithmic techniques that can prove a variety of properties of a given program. It has been demonstrated that the performance of these techniques can vary up to 4 orders of magnitude on the same verification problem. Even for verification experts, it is difficult to decide which tool will perform best on a given problem. For general
-
Reducing the Impact of Time Evolution on Source Code Authorship Attribution via Domain Adaptation ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-11 Zhen Li, Shasha Zhao, Chen Chen, Qian Chen
Source code authorship attribution is an important problem in practical applications such as plagiarism detection, software forensics, and copyright disputes. Recent studies show that existing methods for source code authorship attribution can be significantly affected by time evolution, leading to a decrease in attribution accuracy year by year. To alleviate the problem that Deep Learning (DL)-based
-
Generating Python Type Annotations from Type Inference: How Far Are We? ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-11 Yimeng Guo, Zhifei Chen, Lin Chen, Wenjie Xu, Yanhui Li, Yuming Zhou, Baowen Xu
In recent years, dynamic languages such as Python have become popular due to their flexibility and productivity. The lack of static typing makes programs face the challenges of fixing type errors, early bug detection, and code understanding. To alleviate these issues, PEP 484 introduced optional type annotations for Python in 2014, but unfortunately, a large number of programs are still not annotated
-
Fairness Testing: A Comprehensive Survey and Analysis of Trends ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-11 Zhenpeng Chen, Jie M. Zhang, Max Hort, Mark Harman, Federica Sarro
Unfair behaviors of Machine Learning (ML) software have garnered increasing attention and concern among software engineers. To tackle this issue, extensive research has been dedicated to conducting fairness testing of ML software, and this paper offers a comprehensive survey of existing studies in this field. We collect 100 papers and organize them based on the testing workflow (i.e., how to test)
-
Advanced White-Box Heuristics for Search-Based Fuzzing of REST APIs ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-11 Andrea Arcuri, Man Zhang, Juan Pablo Galeotti
Due to its importance and widespread use in industry, automated testing of REST APIs has attracted major interest from the research community in the last few years. However, most of the work in the literature has been focused on black-box fuzzing. Although existing fuzzers have been used to automatically find many faults in existing APIs, there are still several open research challenges that hinder
-
Lessons Learned from Developing a Sustainability Awareness Framework for Software Engineering using Design Science ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-08 Stefanie Betz, Birgit Penzenstadler, Leticia Duboc, Ruzanna Chitchyan, Sedef Akinli Kocak, Ian Brooks, Shola Oyedeji, Jari Porras, Norbert Seyff, Colin C. Venters
[Context and Motivation] To foster a sustainable society within a sustainable environment, we must dramatically reshape our work and consumption activities, most of which are facilitated through software. Yet, most software engineers hardly consider the effects on the sustainability of the IT products and services they deliver. This issue is exacerbated by a lack of methods and tools for this purpose
-
Automated Mapping of Vulnerability Advisories onto their Fix Commits in Open Source Repositories ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-04 Daan Hommersom, Antonino Sabetta, Bonaventura Coppola, Dario Di Nucci, Damian A. Tamburri
The lack of comprehensive sources of accurate vulnerability data represents a critical obstacle to studying and understanding software vulnerabilities (and their corrections). In this paper, we present an approach that combines heuristics stemming from practical experience and machine-learning (ML)—specifically, natural language processing (NLP)—to address this problem. Our method consists of three
-
Communicating Study Design Trade-offs in Software Engineering ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-03-02 Martin P. Robillard, Deeksha M. Arya, Neil A. Ernst, Jin L.C. Guo, Maxime Lamothe, Mathieu Nassif, Nicole Novielli, Alexander Serebrenik, Igor Steinmacher, Klaas-Jan Stol
Reflecting on the limitations of a study is a crucial part of the research process. In software engineering studies, this reflection is typically conveyed through discussions of study limitations or threats to validity. In current practice, such discussions seldom provide sufficient insight to understand the rationale for decisions taken before and during the study, and their implications. We revisit
-
Precisely Extracting Complex Variable Values from Android Apps ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-27 Marc Miltenberger, Steven Arzt
Millions of users nowadays rely on their smartphones to process sensitive data through apps from various vendors and sources. Therefore, it is vital to assess these apps for security vulnerabilities and privacy violations. Information such as to which server an app connects through which protocol, and which algorithm it applies for encryption are usually encoded as variable values and arguments of
-
Fine-Grained Coverage-Based Fuzzing - RCR Report ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-27 Wei-Cheng Wu, Bernard Nongpoh, Marwan Nour, Michaël Marcozzi, Sébastien Bardin, Christophe Hauser
This is the RCR report of the artifact for the paper ”Fine-Grained Coverage-Based Fuzzing”. The attached zip file contains scripts and pre-build binary programs to reproduce the results presented in the main paper. The artifact is released on Zenodo with DOI: 10.5281/zenodo.7275184. We claim the artifact to be available, functional and reusable. The technology skills needed to review the artifact is
-
Non-Autoregressive Line-Level Code Completion ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-26 Fang Liu, Zhiyi Fu, Ge Li, Zhi Jin, Hui Liu, Yiyang Hao, Li Zhang
Software developers frequently use code completion tools to accelerate software development by suggesting the following code elements. Researchers usually employ AutoRegressive (AR) decoders to complete code sequences in a left-to-right, token-by-token fashion. To improve the accuracy and efficiency of code completion, we argue that tokens within a code statement have the potential to be predicted
-
Data Complexity: A New Perspective for Analyzing the Difficulty of Defect Prediction Tasks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-26 Xiaohui Wan, Zheng Zheng, Fangyun Qin, Xuhui Lu
Defect prediction is crucial for software quality assurance and has been extensively researched over recent decades. However, prior studies rarely focus on data complexity in defect prediction tasks, and even less on understanding the difficulties of these tasks from the perspective of data complexity. In this paper, we conduct an empirical study to estimate the hardness of over 33,000 instances, employing
-
Risky Dynamic Typing Related Practices in Python: An Empirical Study ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-26 Zhifei Chen, Lin Chen, Yibiao Yang, Qiong Feng, Xuansong Li, Wei Song
Python’s dynamic typing nature provides developers with powerful programming abstractions. However, many type related bugs are accumulated in code bases of Python due to the misuse of dynamic typing. The goal of this paper is to aid in the understanding of developers’ high-risk practices towards dynamic typing and the early detection of type related bugs. We first formulate the rules of six types of
-
Requirement Engineering Methods for Virtual Reality Software Product Development - A Mapping Study ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-26 Sai Anirudh Karre, Y. Raghu Reddy, Raghav Mittal
Software practitioners use various methods in Requirements Engineering (RE) to elicit, analyze and specify the requirements of a enterprise products. The methods impact the final product characteristics and influence product delivery. Ad-hoc usage of the methods by software practitioners can lead to inconsistency and ambiguity in the product. With the notable rise in enterprise products, games, etc
-
Enumerating Valid Non-Alpha-Equivalent Programs for Interpreter Testing ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-12 Xinmeng Xia, Yang Feng, Qingkai Shi, James A. Jones, Xiangyu Zhang, Baowen Xu
Skeletal program enumeration (SPE) can generate a great number of test programs for validating the correctness of compilers or interpreters. The classic SPE generates programs by exhaustively enumerating all possible variable usage patterns into a given syntactic structure. Even though it is capable of producing many test programs, the exhaustive enumeration strategy generates a large number of invalid
-
sGuard+: Machine Learning Guided Rule-based Automated Vulnerability Repair on Smart Contracts. ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-08 Cuifeng Gao, Wenzhang Yang, Jiaming Ye, Yinxing Xue, Jun Sun
Smart contracts are becoming appealing targets for hackers because of the vast amount of cryptocurrencies under their control. Asset loss due to the exploitation of smart contract codes has increased significantly in recent years. To guarantee that smart contracts are vulnerability-free, there are many works to detect the vulnerabilities of smart contracts, but only a few vulnerability repair works
-
Supporting Safety Analysis of Image-processing DNNs through Clustering-based Approaches ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-07 Mohammed Oualid Attaoui, Hazem Fahmy, Fabrizio Pastore, Lionel Briand
The adoption of deep neural networks (DNNs) in safety-critical contexts is often prevented by the lack of effective means to explain their results, especially when they are erroneous. In our previous work, we proposed a white-box approach (HUDD) and a black-box approach (SAFE) to automatically characterize DNN failures. They both identify clusters of similar images from a potentially large set of images
-
Try with Simpler – An Evaluation of Improved Principal Component Analysis in Log-based Anomaly Detection ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-07 Lin Yang, Junjie Chen, Shutao Gao, Zhihao Gong, Hongyu Zhang, Yue Kang, Huaan Li
With the rapid development of deep learning (DL), the recent trend of log-based anomaly detection focuses on extracting semantic information from log events (i.e., templates of log messages) and designing more advanced DL models for anomaly detection. Indeed, the effectiveness of log-based anomaly detection can be improved, but these DL-based techniques further suffer from the limitations of more heavy
-
DeepGD: A Multi-Objective Black-Box Test Selection Approach for Deep Neural Networks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-07 Zohreh Aghababaeyan, Manel Abdellatif, Mahboubeh Dadkhah, Lionel Briand
Deep neural networks (DNNs) are widely used in various application domains such as image processing, speech recognition, and natural language processing. However, testing DNN models may be challenging due to the complexity and size of their input domain. Particularly, testing DNN models often requires generating or exploring large unlabeled datasets. In practice, DNN test oracles, which identify the
-
Abstraction and Refinement: Towards Scalable and Exact Verification of Neural Networks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-02-05 Jiaxiang Liu, Yunhan Xing, Xiaomu Shi, Fu Song, Zhiwu Xu, Zhong Ming
As a new programming paradigm, deep neural networks (DNNs) have been increasingly deployed in practice, but the lack of robustness hinders their applications in safety-critical domains. While there are techniques for verifying DNNs with formal guarantees, they are limited in scalability and accuracy. In this paper, we present a novel counterexample-guided abstraction refinement (CEGAR) approach for
-
Beyond Fidelity: Explaining Vulnerability Localization of Learning-based Detectors ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-31 Baijun Cheng, Mingsheng Zhao, Kailong Wang, Meizhen Wang, Guangdong Bai, Ruitao Feng, Yao Guo, Lei Ma, Haoyu Wang
Abstract: Vulnerability detectors based on deep learning (DL) models have proven their effectiveness in recent years. However, the shroud of opacity surrounding the decision-making process of these detectors makes it difficult for security analysts to comprehend. To address this, various explanation approaches have been proposed to explain the predictions by highlighting important features, which have
-
An Empirical Analysis of Issue Templates Usage in Large-Scale Projects on GitHub ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-31 Emre Sülün, Metehan Saçakçı, Eray Tüzün
GitHub Issues is a widely used issue tracking tool in open-source software projects. Originally designed with broad flexibility, its lack of standardization led to incomplete issue reports, impeding software development and maintenance efficiency. To counteract this, GitHub introduced issue templates in 2016, which rapidly became popular. Our study assesses the current use and evolution of these templates
-
Analyzing and Detecting Information Types of Developer Live Chat Threads ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-29 Xiuwei Shang, Shuai Zhang, Yitong Zhang, Shikai Guo, Yulong Li, Rong Chen, Hui Li, Xiaochen Li, He Jiang
Online chatrooms serve as vital platforms for information exchange among software developers. With multiple developers engaged in rapid communication and diverse conversation topics, the resulting chat messages often manifest complexity and lack structure. To enhance the efficiency of extracting information from chat threads, automatic mining techniques are introduced for thread classification. However
-
KADEL: Knowledge-Aware Denoising Learning for Commit Message Generation ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-29 Wei Tao, Yucheng Zhou, Yanlin Wang, Hongyu Zhang, Haofen Wang, Wenqiang Zhang
Commit messages are natural language descriptions of code changes, which are important for software evolution such as code understanding and maintenance. However, previous methods are trained on the entire dataset without considering the fact that a portion of commit messages adhere to good practice (i.e., good-practice commits), while the rest do not. On the basis of our empirical study, we discover
-
Understanding Real-time Collaborative Programming: a Study of Visual Studio Live Share ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-27 Xin Tan, Xinyue Lv, Jing Jiang, Li Zhang
Real-time collaborative programming (RCP) entails developers working simultaneously, regardless of their geographic locations. RCP differs from traditional asynchronous online programming methods, such as Git or SVN, where developers work independently and update the codebase at separate times. Although various real-time code collaboration tools (e.g., Visual Studio Live Share, Code with Me, and Replit)
-
Refining ChatGPT-Generated Code: Characterizing and Mitigating Code Quality Issues ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-27 Yue Liu, Thanh Le-Cong, Ratnadira Widyasari, Chakkrit Tantithamthavorn, Li Li, Xuan-Bach D. Le, David Lo
Since its introduction in November 2022, ChatGPT has rapidly gained popularity due to its remarkable ability in language understanding and human-like responses. ChatGPT, based on GPT-3.5 architecture, has shown great promise for revolutionizing various research fields, including code generation. However, the reliability and quality of code generated by ChatGPT remain unexplored, raising concerns about
-
Test Input Prioritization for 3D Point Clouds ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-27 Yinghua Li, Xueqi Dang, Lei Ma, Jacques Klein, Yves LE Traon, Tegawendé F. Bissyandé
Three-dimensional (3D) point cloud applications have become increasingly prevalent in diverse domains, showcasing their efficacy in various software systems. However, testing such applications presents unique challenges due to the high-dimensional nature of 3D point cloud data and the vast number of possible test cases. Test input prioritization has emerged as a promising approach to enhance testing
-
Test Optimization in DNN Testing: A Survey ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-27 Qiang Hu, Yuejun Guo, Xiaofei Xie, Maxime Cordy, Lei Ma, Mike Papadakis, Yves Le Traon
This paper presents a comprehensive survey on test optimization in deep neural network (DNN) testing. Here, test optimization refers to testing with low data labeling effort. We analyzed 90 papers, including 43 from the software engineering (SE) community, 32 from the machine learning (ML) community, and 15 from other communities. Our study: (i) unifies the problems as well as terminologies associated
-
Mitigating Debugger-based Attacks to Java Applications with Self-Debugging ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-25 Davide Pizzolotto, Stefano Berlato, Mariano Ceccato
Java bytecode is a quite high-level language and, as such, it is fairly easy to analyze and decompile with malicious intents, e.g., to tamper with code and skip license checks. Code obfuscation was a first attempt to mitigate malicious reverse engineering based on static analysis. However, obfuscated code can still be dynamically analyzed with standard debuggers to perform step-wise execution and to
-
Octopus: Scaling Value-Flow Analysis via Parallel Collection of Realizable Path Conditions ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-24 Wensheng Tang, Dejun Dong, Shijie Li, Chengpeng Wang, Peisen Yao, Jinguo Zhou, Charles Zhang
Value-flow analysis is a fundamental technique in program analysis, benefiting various clients, such as memory corruption detection and taint analysis. However, existing efforts suffer from the low potential speedup that leads to a deficiency in scalability. In this work, we present a parallel algorithm Octopus to collect path conditions for realizable paths efficiently. Octopus builds on the realizability
-
Exploring Semantic Redundancy using Backdoor Triggers: A Complementary Insight into the Challenges facing DNN-based Software Vulnerability Detection ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-24 Changjie Shao, Gaolei Li, Jun Wu, Xi Zheng
To detect software vulnerabilities with better performance, deep neural networks (DNNs) have received extensive attention recently. However, these vulnerability detection DNN models trained with code representations are vulnerable to specific perturbations on code representations. This motivates us to rethink the bane of software vulnerability detection and find function-agnostic features during code
-
Learning Failure-Inducing Models for Testing Software-Defined Networks ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-23 Raphaël Ollando, Seung Yeob Shin, Lionel C. Briand
Software-defined networks (SDN) enable flexible and effective communication systems that are managed by centralized software controllers. However, such a controller can undermine the underlying communication network of an SDN-based system and thus must be carefully tested. When an SDN-based system fails, in order to address such a failure, engineers need to precisely understand the conditions under
-
Enablers and Barriers of Empathy in Software Developer and User Interactions: A Mixed Methods Case Study ACM Trans. Softw. Eng. Methodol. (IF 4.4) Pub Date : 2024-01-23 Hashini Gunatilake, John Grundy, Rashina Hoda, Ingo Mueller
Software engineering (SE) requires developers to collaborate with stakeholders, and understanding their emotions and perspectives is often vital. Empathy is a concept characterising a person’s ability to understand and share the feelings of another. However, empathy continues to be an under-researched human aspect in SE. We studied how empathy is practised between developers and end users using a mixed